3486 matches found
CVE-2022-3293
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
GitLab Log Information Disclosure Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab CE/EE versions 9.3 through 15.2.5,...
GitLab Information Disclosure Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab EE version 13.7 up to and including...
CVE-2022-3293
Removed by vendor...
PT-2022-21588 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 9.3 through 15.2.4; GitLab EE versions 15.3 through 15.3.3; GitLab EE versions 15.4 through 15.4.0. Description: Email addresses were leaked in WebHook logs. The issue affects GitLab EE, with the leak occurring in the logs...
CVE-2022-3293
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
CVE-2022-3293
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
CVE-2022-3293
GitLab EE vulnerability CVE-2022-3293: Email addresses were leaked in WebHook logs affecting all versions from 9.3 up to 15.2.5, 15.3 up to 15.3.4, and 15.4 up to 15.4.1. The connected sources confirm the affected product (GitLab EE) and the impact (exposure of email addresses via WebHook logs). ...
CVE-2022-39302
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
Design/Logic Flaw
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
CVE-2022-39302 Ree6 may bypass webhook protection
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
Istio Resource Management Error Vulnerability
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio suffers from a resource management error vulnerability that stems from susceptibility to request handling errors, which can be exploited by an attacker to send specially crafted or oversized messages that...
CVE-2022-39302 Ree6 may bypass webhook protection
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
CVE-2022-39302 Ree6 may bypass webhook protection
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protection...
CVE-2022-39302
CVE-2022-39302 affects Ree6, a Discord moderation bot. Multiple sources describe a cross-server channel targeting flaw where a specially crafted log message can cause a configuration like “Better-Audit-Logging” to reference a channel in another server, enabling sending log messages to that channe...
CVE-2022-39292 Exposure of sensitive Slack webhook URLs in debug logs and traces
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
GitLab 9.3 < 15.2.5 / 15.3 < 15.3.4 / 15.4 < 15.4.1 (CVE-2022-3018)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before...
GitLab 9.3 < 15.2.5 / 15.3 < 15.3.4 / 15.4 < 15.4.1 (CVE-2022-3293)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 CVE-2022-3293 Note that Nessus has not tested f...
Information Disclosure
github.com/goharbor/harbor is vulnerable to information disclosure. The library fails to validate the user permissions to view Webhook policies including credentials configured in different projects, resulting in remote authenticated attackers being able to read Webhook policies of other...
GHSA-QGV4-7JHX-C72Q Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck...